An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | mediawiki | < 1:1.31.2-1 | mediawiki_1:1.31.2-1_all.deb |
Debian | 11 | all | mediawiki | < 1:1.31.2-1 | mediawiki_1:1.31.2-1_all.deb |
Debian | 10 | all | mediawiki | < 1:1.31.2-1 | mediawiki_1:1.31.2-1_all.deb |
Debian | 999 | all | mediawiki | < 1:1.31.2-1 | mediawiki_1:1.31.2-1_all.deb |
Debian | 13 | all | mediawiki | < 1:1.31.2-1 | mediawiki_1:1.31.2-1_all.deb |